How to provide persistent data protection on-premises and in the cloud

How to grant and restrict access to data

How to gain visibility and control of data in cloud apps

How to protect data in mobile devices and applications

How to detect data breaches before they cause damage

We’re now halfway through our blog series introducing these solutions. It’s a great time to take stock and understand both how far you’ve come and what more we can tackle together. In previous blogs, we showcased the ability of Azure Information Protection (AIP) to provide persistent data protection both on-premises and in the cloud, as well as the role of Azure Active Directory (Azure AD) in granting and restricting access to data through risk-based conditional access controls. Next, we’ll turn to Microsoft Cloud App Security to understand its role in the last two use cases and in your own GDPR journey. You’ll discover how Cloud App Security gives you visibility into, and control over, your data in SaaS apps while also enabling you to detect data breaches before they cause damage to the user or your organization.

Visibility and Control through Cloud App Security

Step 1: App Discovery

Deep visibility into user behavior and the movement of data in cloud apps is essential to meeting the GDPR requirements regarding data protection and security, but this is no easy task. A robust cloud app identification capability is your first step. Cloud App Security can discover and assess more than 14,000 cloud apps against a set of 60 service, compliance, and security factors. The analysis produces a total risk assessment score and a report card for each app.

Now that you understand the relative risk of each app, Cloud App Security policies allow you to enforce specific user behaviors in your enterprise cloud apps. App discovery and discovery anomaly policies notify you when new apps are detected within your organization or when unusual activity is observed within an app. For example, you can use a discovery policy to alert when 20 or more users are detected using new apps with a risk assessment score of 4 or less. These policies play an important part in understanding and enforcing the use of safe, sanctioned apps for protecting personal and sensitive data.
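To make the discovery-policy rule above concrete, here is an added example (not Microsoft's code) that evaluates it over constructed traffic records: alert on any app not yet reviewed whose risk score is 4 or less and that 20 or more distinct users have used. The app names, users, scores and the KNOWN_APPS set are all made up for the example.

```python
from collections import defaultdict

# Constructed traffic records in the spirit of the proxy/firewall logs that
# Cloud App Security discovers apps from. Each record is (user, app, risk_score);
# the score follows the report-card convention, where a higher score means a
# safer app. App names, users and scores are all made up for this example.
SAMPLE_TRAFFIC = (
    [(f"user{i:02d}", "quickshare.example", 3) for i in range(22)]     # risky, widely used
    + [(f"user{i:02d}", "notekeeper.example", 2) for i in range(5)]    # risky, few users
    + [(f"user{i:02d}", "trusted-crm.example", 8) for i in range(40)]  # low risk
    + [("user01", "quickshare.example", 3)] * 5                         # repeat events, one user
    + [(f"user{i:02d}", "legacy-sync.example", 1) for i in range(30)]  # already reviewed
)

# Apps the organization has already reviewed (sanctioned or previously alerted on).
KNOWN_APPS = {"legacy-sync.example", "trusted-crm.example"}


def evaluate_discovery_policy(records, known_apps, min_users=20, max_score=4):
    """Return {app: distinct_user_count} for every app that is new to the
    organization, scores at or below max_score, and is used by at least
    min_users distinct users.

    Users are counted as a set: repeated events from one user must not
    inflate the count, or a single heavy user would trip the threshold."""
    users_by_app = defaultdict(set)
    score_by_app = {}
    for user, app, score in records:
        users_by_app[app].add(user)
        score_by_app[app] = score
    return {
        app: len(users)
        for app, users in users_by_app.items()
        if app not in known_apps
        and score_by_app[app] <= max_score
        and len(users) >= min_users
    }


if __name__ == "__main__":
    for app, count in evaluate_discovery_policy(SAMPLE_TRAFFIC, KNOWN_APPS).items():
        print(f"ALERT: new app {app} used by {count} distinct users")
```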

Step 2: Data Discovery

As you may have guessed, discovering cloud app usage isn’t always enough. If the data moving within these apps is subject to the GDPR, the apps must be governed under GDPR-compliant policies and controls. For data discovery, Cloud App Security can identify unprotected personal or sensitive data with native DLP, Office DLP, or third-party solutions, and can detect external sharing or collaboration at the file level. As mentioned in the Part 2 blog, Cloud App Security also integrates with AIP to read file labels. Identifying the personal and sensitive data you store is an important part of your GDPR compliance journey.

Step 3: Control Data

To secure visibility and control of data in your cloud apps, the last step is to establish controls over the data itself. With Cloud App Security (CAS), you can employ file policies to scan for specific files or file types (such as shared files) and specific data (such as personally identifiable information), and then apply governance actions.

Customizing these policies is key and allows you to tailor the detections to your specific GDPR needs. For example, you can use a file policy to detect when personal and sensitive data are shared externally AND set the governance action to remove the external users. The ability to change sharing permissions, remove collaborators, or place users in quarantine gives you near real-time control over your data.

At this point, you’ve gained visibility into your cloud apps and you’ve formulated discovery and file policy controls. You still need a way to detect and respond to threats targeting your organization and users, and to do so in a way that conforms to the GDPR mandates.

Enhanced Threat Detection and Response

While your discovery and file policies are at work, Cloud App Security uses behavioral analytics and a robust anomaly detection engine to deliver enhanced threat detection and response capabilities. How does this apply to the GDPR? The GDPR timelines and conditions for reporting data breaches are stringent; the better informed your detection-to-response cycle is, the better equipped you will be to meet them. Let’s walk through each of the key advantages that Cloud App Security provides here:

User-Centered Detections

As each user interacts with a cloud app, Cloud App Security assesses the risk in that user’s behavior. Impossible travel, a sudden and unexpected download (and possible exfiltration) of data, or unexplained administrative activity may all be signs of a data breach. Through anomaly detection policies, Cloud App Security applies behavioral analysis to these events and signals you when something abnormal is found. Even better, detection isn’t driven by Cloud App Security alone; all services in EMS work in concert to strengthen detection across on-premises and cloud environments.

Activity policies that leverage an app’s API can also be used to monitor specific user activities. For example, if you label personal and sensitive files as “GDPR Sensitive,” you can use an activity policy to alert whenever anyone accesses these files from an IP address outside the corporate network. Your security operations personnel can review these activity and anomaly alerts, conduct further investigation, and continuously tune the policies as needed.
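The activity-policy rule just described, as an added example that is not Microsoft's code: it reads constructed activity records (loosely shaped like an app's API activity feed) and flags every access to a file labelled “GDPR Sensitive” from an address outside the corporate ranges. The corporate ranges, users, files and addresses are placeholders, and a malformed address field is deliberately treated as non-corporate so it cannot suppress an alert.

```python
import ipaddress
import json

# Corporate address ranges; placeholders for this example (documentation ranges).
CORPORATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]

# Constructed activity records, loosely shaped like an app's API activity feed.
# Users, files and addresses are made up; the label mirrors the text's "GDPR Sensitive".
SAMPLE_ACTIVITIES = [json.dumps(a) for a in (
    {"user": "alice", "action": "FileAccessed", "file": "customers.xlsx",
     "labels": ["GDPR Sensitive"], "ip": "10.20.30.40"},                 # inside corp network
    {"user": "bob", "action": "FileAccessed", "file": "customers.xlsx",
     "labels": ["GDPR Sensitive"], "ip": "198.51.100.7"},                # outside
    {"user": "carol", "action": "FileAccessed", "file": "lunch-menu.docx",
     "labels": ["General"], "ip": "198.51.100.9"},                       # not labelled
    {"user": "dave", "action": "FileDownloaded", "file": "payroll.csv",
     "labels": ["GDPR Sensitive", "Confidential"], "ip": "2001:db8::1"}, # IPv6, outside
    {"user": "erin", "action": "FileAccessed", "file": "customers.xlsx",
     "labels": ["GDPR Sensitive"], "ip": "not-an-ip"},                   # malformed field
)]


def is_corporate(ip_text, ranges=CORPORATE_RANGES):
    """True when ip_text parses and falls inside a corporate range.
    A field that does not parse is treated as non-corporate, so a malformed
    or missing address cannot silence the alert."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    # Membership across IPv4/IPv6 versions is False, so mixed versions are safe.
    return any(addr in net for net in ranges)


def evaluate_activity_policy(activity_lines, label="GDPR Sensitive"):
    """Return (user, file, ip) for every access to a file carrying `label`
    that came from outside the corporate network."""
    alerts = []
    for line in activity_lines:
        act = json.loads(line)
        ip = act.get("ip", "")
        if label in act.get("labels", []) and not is_corporate(ip):
            alerts.append((act["user"], act["file"], ip))
    return alerts


if __name__ == "__main__":
    for user, path, ip in evaluate_activity_policy(SAMPLE_ACTIVITIES):
        print(f"ALERT: {user} accessed {path} from non-corporate address {ip}")
```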

Intelligence-Driven Detections

Cloud App Security’s threat intelligence and detection capabilities are enhanced by the Microsoft Intelligent Security Graph. Acting as a vast repository of threat intelligence and security research data, the graph provides not only Cloud App Security but all EMS security solutions with powerful, actionable information.

Coordinated Response

Cloud App Security can take immediate action to suspend a user, revoke a password, or remove sharing permissions on a sensitive file the user has accessed. At the same time, all EMS solutions work to formulate complementary responses. As you learned in the previous post, Azure AD delivers risk-based conditional access: when abnormal events are detected, a user’s risk level increases and triggers a response in access policies. Like the automated lowering of a fortress’s gates when an advancing threat is sensed, you want this to be swift, responsive, and well integrated, and it is exactly that!

What’s Ahead?

Cloud App Security and EMS are here to support you in your GDPR compliance journey. In future blogs, you’ll discover how our other security features will enhance the visibility, control, threat detection, and response capabilities we introduced in today’s discussion. More importantly, you’ll witness the power of EMS to deliver the best integrated and most holistic solution to help meet your organization’s GDPR needs!
